Changes between Initial Version and Version 1 of Ticket #2213
Timestamp: May 18, 2022, 3:51:01 PM (4 years ago)
Ticket #2213 – Description
In tracking.php, two GET parameters are written unfiltered into the session at lines 37 and 40.
Never trust an external parameter :)
{{{
$_SESSION['tracking']['refID'] = $_GET['refID'];
$sql_data_array = array(
    'user_ip' => ip_clearing($_SESSION['tracking']['ip']),
    …
    'time' => 'now()'
);
}}}
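One way to filter the parameter before it reaches the session, as an added example that is not part of the ticket or the project's code. The helper name `clean_tracking_param` and the accepted refID format are assumptions, since the ticket does not say what a valid refID looks like.

```php
<?php
// Added example, not the project's code. The accepted refID format
// (1-32 characters of A-Z, a-z, 0-9, "_" or "-") is an assumption.

/**
 * Return a validated tracking parameter, or null when it is missing,
 * not a plain string (?refID[]=x arrives as an array), or malformed.
 */
function clean_tracking_param(array $query, string $name): ?string
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;
    }
    $value = $query[$name];
    // \A...\z anchors the whole string; "$" alone would accept a trailing newline.
    if (preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $value) !== 1) {
        return null;
    }
    return $value;
}

// Constructed sample query strings, parsed the same way PHP fills $_GET.
$samples = [
    'refID=partner_42',               // well-formed
    'refID[]=partner_42',             // array instead of string
    'refID=abc%0A',                   // trailing newline
    'refID=has%20space%27quote',      // characters outside the allowlist
    'refID=' . str_repeat('a', 33),   // too long
    'other=1',                        // parameter absent
];

foreach ($samples as $raw) {
    parse_str($raw, $query);
    $session = ['tracking' => []];    // stand-in for $_SESSION
    $refID = clean_tracking_param($query, 'refID');
    if ($refID !== null) {
        // Only a validated value is ever written to the session.
        $session['tracking']['refID'] = $refID;
    }
    printf("%-45s => %s\n", $raw, $refID === null ? 'rejected' : "stored '$refID'");
}
```

Validating on input does not replace escaping or parameter binding at the point where the session value is later written to the database.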
